Hi Adopter,

Before a Microsoft engineer ships an AI feature, the work clears fourteen numbered gates. Not principles. Gates. They live in a public document you can download right now, a Standard that spells out what every team must prove at each stage of building. In 2024, 396 projects hit the hardest gate and got escalated to a team whose entire job is to ask what could go wrong. Seventy-seven percent of them were generative AI.

Most companies have the opposite. A principles page. Six tidy words on a slide, fairness and accountability and the rest, with nothing behind them that can stop a launch. Microsoft has the words too, the same six, adopted in 2018. The difference is that Microsoft built the machine behind the words and then published the blueprints. The Standard, the templates, the org chart, the annual report on what got reviewed, all of it is sitting in public.

So this week you take it. Almost every layer of this system has a one-person, one-page version a small team can run on Monday. And the part that is genuinely hard to copy is not the part you would guess.

Most companies have a principles page. Microsoft built the machine.

Your board asks how you govern AI. Your biggest customer’s security team asks. Soon a regulator asks. You open a deck with six values on it, and everyone nostalgically agrees they are good values, and nothing about how you actually build changes the next morning. Values do not govern anything. They are a vibe. A gate governs.

What makes Microsoft worth studying is not that its values are better than yours. It is that the company turned the values into six domains and fourteen auditable goals, each one a thing a team has to produce evidence for, and then did the genuinely strange thing of making the rulebook public so anyone could copy it. You can read the actual requirements. Not a press release about the requirements. The requirements.

That is the rare gift here. You are not reverse-engineering a competitor’s secret. You are reading their homework, which they left on the table on purpose.

And they keep receipts. Once a year Microsoft publishes a Responsible AI Transparency Report, now in its second edition, that tallies what the company actually did: thirty internal tools, more than 155 governance features, forty published notes explaining how its AI products behave. In early 2025 it went a step further and had Microsoft 365 Copilot certified against ISO/IEC 42001, the first international standard for managing an AI system, by an outside auditor. Most companies cannot point to a single artifact proving their principles ever changed a decision. Microsoft hands you a yearly report and an external stamp.

Principles do not govern anything. Gates do.

Strip the system down and two gates do most of the work.

The first fires early. Microsoft’s rule is that a team completes an Impact Assessment “early in the system’s development, typically when defining the product vision and requirements”, on a standard template, reviewed before development starts. Before the build. Not as a launch-week formality when the thing already exists and saying no would mean wasting six months of someone’s work.

The second fires at the end. Before launch, teams define and document Responsible Release Criteria: specific performance metrics with thresholds, specific error types with thresholds. The feature passes the bar you wrote down, or it does not ship. A gate is just a moment where a named person is allowed to say no.

And there are named people. The Responsible AI Council is co-chaired by President Brad Smith and CTO Kevin Scott, and it reports up to the board. Underneath sits the Office of Responsible AI, run by a Chief Responsible AI Officer who writes the policy and reviews the hard cases. Then an engineering arm called RAISE and a network of trained Champions who sit close to the product teams and catch problems before they reach the Council. Policy at the top, a human in the room at the bottom. More than 540 people now work on responsible AI across Microsoft, over half of them full-time, a community that grew by a third in a single year.

The gate is not the document. The gate is a person with a name who is allowed to say no before you build, not after you ship.

That structure is why the 396 number exists at all. A gate that nobody can escalate through is theater. A gate wired to an office that can actually halt a launch produces a paper trail of 396 real decisions in a single year.

Below, the part you can use:

• How one feature actually moves through the gates, from idea to launch

• The one-page governance doc a five-person team can write this week

• The measurement system Microsoft uses to prove the value, with the real numbers

• The two times the machine got overridden, and the lesson hiding in both